Data collected by local government units can be a dangerous tool in the hands of criminals. Information that is stolen can be used to forge a person’s identity. Meanwhile, the level of investment in cybersecurity is low in municipalities, and the number of hacker attacks on them is steadily increasing. Experts are awaiting the positive effects of the government program Cyber Safe Self-Government. Under this program, 1.5 billion PLN will be invested in improving the cybersecurity of local governments: in hardware and software as well as in skills and procedures.
“Municipalities are increasingly becoming the target of cyberattacks because of their bank accounts. The goal of cyber criminals is to gain money. Therefore, the data operated by each municipality and its systems will be targeted by criminals. It’s not just about data that can be stolen and sold back again in the form of ransom, which is illegal in any case. In addition, one must remember that someone may be lurking for money in municipal bank accounts, requesting transfers, or issuing false invoices. The important thing here is not whether someone will be hacked, but when and how quickly because where there is money, there are hackers,” says Mateusz Ossowski in an interview for News Agency Newseria Innowacje.
Data from CERT Poland shows that public administration is increasingly the target of cyber criminals. In 2020, there were 388 incidents aimed at it; two years later that number grew to 757, and in 2023 there were already 2.2 thousand incidents (nearly 3% of all reports). Although municipal authorities gather invaluable sensitive data, their security leaves a lot to be desired.
“The consequences will not just be tragic, they will be downright terrifying. From my experience, the ability to fend off attacks is in very poor shape in municipalities. I don’t hide the fact that as an industry, we are looking forward to Cyber Safe Self-Government and co-financing municipalities in hardware and applications that will protect mail, network, applications and above all data,” Ossowski lists.
Under the program implemented by the Center for Digital Poland Projects in partnership with the State Research Institute NASK, 1.5 billion PLN will be allocated to improve cybersecurity in local government units. Applications for grants involve actions in three key areas related to cybersecurity. About 1.2 billion PLN is to be transferred to investments in hardware infrastructure and software and implementation services. Approximately 183 million PLN has been planned for the development of procedures, certification, conducting audits, and implementing the Information Security Management System. Meanwhile, 105 million PLN will be allocated for employee training. 90% of eligible units (2196 municipalities, 300 counties, and 15 provinces) have applied for participation in the program.
Under the project, beneficiaries will receive co-financing in the form of a grant in the amount of 200 to 850 thousand PLN for municipalities and 850 thousand PLN for counties and provinces. The project is co-financed by European Funds, under the European Funds program for Digital Development 2021-2027. The grant implementation period lasts for 24 months from the date the contract comes into force, but no longer than the end of June 2026.
“The cybersecurity industry is faced with a large gap, there are plenty of positions to be filled. It often happens that administrators in local government units are not on the level of safety guards, because that is simply difficult. Hence, there is a great need for investing in training, improving qualifications, and above all, awareness of threats – the fact that a small municipality is exposed to the exact same attacks as the town hall of a large city. By increasing this awareness among decision-makers, we reach a little lower to administrators, our ‘soldiers’, who will protect our data and information in such local government units. In turn, they need access to professional tools and companies that will integrate these types of tools in various systems,” says the expert from Niebezpiecznik.pl.
In its last report, the Supreme Chamber of Control pointed out how important data can fall into the hands of unauthorized persons through security gaps in local government units. The inspection conducted in the Podlasie region revealed that data was processed in e-mail boxes set up on commercial domains without entering into the required GDPR agreements for personal data processing. The data included names, addresses, PESEL numbers, telephone numbers, health status, employment, earnings, and family situation information.
“Let’s take each of us as a unit that appears in various databases. There will be my medical card in the hospital, there will be some information in the municipality office, in the communication department – you can multiply such units. And at the end of the day, one piece of data from one place and another from another place can be combined. We often assume that nothing happened, someone knew my name and surname, somewhere else he learned a PESEL number, somewhere else the car registration number. Let’s add a few such elements and it will then be very easy to steal our identity, because we will know a lot about this person,” concludes Mateusz Ossowski.